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We claim: 

L l. A cryptographic device, comprising: 

means for performing one or more cryptographic 
operations; and 

a data storage device for storing access permission 
data ^presenting an availability of one or more 
cryptographic characteristics in accordance with which 
one or moire of the cryptographic operations are 
performed \ wherein once a value or values of the access 
permission c^at a are stored in the data storage device, 
the value oryalues of the access permission data cannot 
be changed. 



2. A cryptographic device as in Claim 1, wherein the 
data storage device is sa programmable read-only memory. 

15 3. A cryptographic \device as in Claim 1, wherein the 

cryptographic characteristics include one or more of the 
following: availability of direct access to one or more 
mathematical primitive operations, availability of public key 
encryption, permissible maximum^ length of public key, 

20 permissible maximum length of DE^ key, and availability of 
DES key encryption. 



4. A computer readable storage medium on which access 
permission data is stored in accordark:e with a predefined 
data structure, the access permission Niata representing an 
25 availability of one or more cryptograplric characteristics in 
accordance with which one or more of cryptographic operations 
are performed by a cryptographic device, wherein once a value 
or values of the access permission data are, stored on the 
storage medium, the value or values of the access permission 
30 data cannot be changed. 



5. A computer readable storage medium as \n Claim 4, 
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wherein the cryptographic characteristics include one or more 
of\the following: availability of direct access to one or 
more^ mathematical primitive operations, availability of 
publrc key encryption, permissible maximum length of public 
key, permissible maximum length of DES key, and availability 
of DES \ey encryption. 

6. V cryptographic device, comprising: 

aXprocessor for executing instructions and/or 
accessing data to perform one or more cryptographic 
operation that each necessitate the performance of one 
or more sub-operations; and 

one or\more data storage devices for storing a 
first set of Vmstructions and/or data used to perform 
one or more sub-operations of a cryptographic operation, 
and a second set: of instructions and/or data, distinct 
from the first siet of instructions and/or data, used to 
perform the one oV more cryptographic operations, 
wherein the second\set of instructions and/or data 
includes one or mora instructions that cause performance 
of instructions and/or access of data from the first set 
of instructions and/on data so that one or more of the 
sub-operations are performed; and 

means for allowing nccess to the first set of 
instructions and/or data Vrom a device external to the 
cryptographic device. \ 

7. A cryptographic device as in Claim 6, wherein the 
one or more sub-operations comprise one or more mathematical 
primitive operations. \ 

8. A cryptographic device as ir\ Claim 7, wherein the 
mathematical primitive operations include one or more of the 
following: a mod reduce operation, an afid operation, a 
subtract operation, a multiply operation, \a divide operation, 



an^exponentiate operation, an inverse modulo operation, an 
X0R Vperation, a DES operation and an random number generator 
operation . 

9. \ A cryptographic device as in Claim 6, wherein the 
cryptographic operations include one or more of the 
following: \ RSA encrypt, RSA decrypt, DSA sign, DSA verify, 
Dif f ie-Hellman and elliptic curve. 

10. A crVptographic device as in Claim 6, wherein the 
first set of instructions and/or data used to perform one or 
more sub-operations are stored in a read-only memory device. 

11. A cryptographic device as in Claim 10, wherein at 
least some of the second set of instructions and/or data used 
to perform the one oAmore cryptographic operations are 
stored in an erasable Vrogrammable read-only memory device. 

12. A cryptographies device as in Claim 11, wherein at 
least some of the second ^et of instructions and/or data used 
to perform the one or more Vryptographic operations are 
stored in a read-only memoryy device . 

13. A cryptographic deviVe as in Claim 6, wherein at 
least some of the second set of\ instructions and/or data used 
to perform the one or more cryptographic operations are 
stored in an erasable programmable read-only memory device. 

14. A computer readable storage medium encoded with one 
or more computer programs for enabling performance of 
cryptographic operations, comprising :\ 

a first set of instructions \and/or data used to 
perform one or more sub-primitive \operations ; and 

a second set of instructions and/or data, distinct 
from the first set of instructions and/or data, used to 
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s^rform one or more cryptographic operations, wherein 
the second set of instructions and/or data includes one 
or Vore instructions that cause performance of 
instructions and/or access of data from the first set of 
instructions and/or data so that one or more of the sub- 
sub-operations are performed; and 

a third set of instructions and/or data for 
allowing Vnd mediating access to the first set of 
instruction^ and/or data from a device external to a 
device of wh^ch the computer readable storage medium is 
part . 



15. A cryptographic device as in Claim 14, wherein the 
one or more sub-operations comprise one or more mathematical 
primitive operations. 

15 16. A computer readable storage medium as in Claim 15, 

wherein the mathematical primitive operations include one or 
more of the following: a moQ reduce operation, an add 
operation, a subtract operation, a multiply operation, a 
divide operation, an exponentiate operation, an inverse 

20 modulo operation, an XOR operation, a DES operation and an 
random number generator operatioi 



17. A computer readable storage medium as in Claim 13, 
wherein the cryptographic operation^ include one or more of 
the following: RSA encrypt, RSA decrypt, DSA sign, DSA 
25 verify, Dif f ie-Hellman and elliptic curve. 



